DETAILED ACTION

1. This action is in reply to applicant's correspondence of 29 November 2005.

2. Claims 1-65 are pending for examination. 

3. Claims 1-65 remain rejected. 

Claim Rejections - 35 USC § 102
The examiner acknowledges and thanks the applicant for pointing out the typographical 
error concerning the 35 U.S.C. 102 paragraph rejection in the previous office action. 

The following is a quotation of the appropriate paragraphs of 35 U.S.C 102 that form the 
basis for the rejections under this section made in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for
patent by another filed in the United States before the invention by the applicant for patent, except that an
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this
subsection of an application filed in the United States only if the international application designated the United
States and was published under Article 21(2) of such treaty in the English language.

4. Claims 1-65 are rejected under 35 U.S.C. 102(e) as being anticipated by Olden, U.S.
Patent 6,460,141 B1.

5. As per claim 1; "A method for providing access to resources [Abstract, figures 1-33 and 
accompanying descriptions], comprising the steps of: 

acquiring user identification information from a first authentication system,

said user identification information is associated with a request from a first user to
access a first resource,

said step of acquiring is performed by an authorization system,
said authorization system is separate from said first authentication system [figures 
1-5 and accompanying descriptions, whereas the authorization component, entitlement 
server component, administrative client/resource consumer (at the user, group, and realm 
level insofar as user identification information would be concerned), and enabled web 
server, as broadly interpreted by the examiner correspond respectively, to the applicant's 
authorization system, first authentication system, user identification information (source 
thereof), and accessible resources.]; 

relying on said first authentication system for authenticating said first user;

using said user identification information to access an identity profile associated with said 
user identification information [figures 1-5, and particularly figures 2,3, and accompanying 
descriptions, whereas the entitlement creation/assignment in the access rights, user/group/realm 
information (i.e., the database referencing aspects thereof) pertaining to user ID, name, address, 
password, ACL analog, etc., aspects, as broadly interpreted by the examiner correspond, to the 
applicant's ' ... using said user ... information to access ... profile ...'.]; and 

performing, at said authorization system, authorization services for said request to access 
said first resource based on said identity profile associated with said user identification 
information [figures 1-33, and accompanying descriptions, whereas the actual authorization 
servicing functionality per se, as broadly interpreted by the examiner correspond, to the 
applicant's ' ... performing authorization services ...'.]; 

wherein said authorization services comprise determining whether said first user is 
authorized to access said first resource [figures 1-33, and accompanying descriptions, whereas
the actual authorization servicing functionality per se, as broadly interpreted by the examiner
correspond, to the applicant's claim limitation.]; and

wherein authenticating said first user comprises verifying an identity of said first user 
[figures 1-5, and particularly figures 2,3, and accompanying descriptions, whereas the 
entitlement creation/assignment in the access rights, user/group/realm information (i.e., the 
database referencing aspects thereof) pertaining to user ID, name, address, password, ACL 
analog, etc., aspects, as broadly interpreted by the examiner correspond, to the applicant's claim 
limitation.]."; 

Further, as per claim 32, this claim is the embodied method software for the method 
claim 1 above, and is rejected for the same reasons provided for the claim 1 rejection; 

Further, as per claim 38, this claim is the apparatus/system for the method claim 1 above, 
and is rejected for the same reasons provided for the claim 1 rejection. 

6. Claim 2 additionally recites the limitation that; "A method according to claim 1, wherein: 
said step of acquiring user identification includes reading a user ID from an internal web server
variable.".

The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line
57, whereas the ' . . . cookie is created for each user . . . ' which clearly is a web server variable
(i.e., cookie) based on user information/ID/variables and the transfer thereof, as broadly
interpreted by the examiner would clearly encompass ' . . . acquiring user identification . . . user
ID . . . web server variable . . . '.).

7. Claim 3 additionally recites the limitation that; "A method according to claim 2, further 
comprising the step of: 

allowing a first user to access said first resource if said step of performing determines that 
said first user is authorized to access said first resource based on said identity profile, said first 
user is associated with said identity profile and said request.". 
The teachings of Olden are directed towards such limitations (i.e., figures 1-33, and 
accompanying descriptions, whereas the actual authorization servicing functionality and
subsequent resource access (i.e., retrieve a web document/file/page) per se, as broadly interpreted 
by the examiner correspond, to the applicant's ' . . . access . . . resource . . . authorized to access . . . 
resource ... profile...'.). 

8. Claim 4 additionally recites the limitation that; "A method according to claim 1, wherein 
relying on said first authentication system comprises the steps of:

receiving information about said request; 

determining whether said first resource is protected; and 

determining that authentication for said first resource is to be performed by said first 
authentication system.". 

The teachings of Olden are directed towards such limitations (i.e., figures 1-33, and particularly 
figure 28, and accompanying descriptions, whereas the actual authorization servicing
functionality and subsequent resource access (i.e., retrieve a web document/file/page) per se,
inherently require the setup of access requirements in order to create the user/group/realm levels
of access criteria as related to the associated resources in question (i.e., to protect or not, and at
what level of secured protection), as broadly interpreted by the examiner correspond, to the
applicant's ' . . . determining . . . resource is protected; . . . authentication . . . resource is to be
performed ...'.). 

Further, as per the claim 33 additionally recited limitation, this claim is the embodied 
method software for the method claim 4 above, and is rejected for the same reasons provided for 
the claim 4 rejection. 

Further, as per the claim 41 additionally recited limitation, this claim is the 
apparatus/system for the method claim 4 above, and is rejected for the same reasons provided for 
the claim 4 rejection. 

9. Claim 5 additionally recites the limitation that; "A method according to claim 1, wherein: 

said step of acquiring user identification includes acquiring a plurality of data items 
which can be used to identify a user.". 

The teachings of Olden are directed towards such limitations (i.e., col. 7,lines 10-col. 8,line 5, 
whereas the actual authorization servicing functionality and subsequent resource access (i.e.,
retrieve a web document/file/page) per se, inherently require the setup of access requirements in 
order to create the user/group/realm levels of access criteria as related to the associated resources
in question (i.e., to protect or not, and at what level of secured protection), and further, such user
level criteria such as "for example, user ID, first name, last name . . .", as broadly interpreted by 
the examiner correspond, to the applicant's ' . . . acquiring user identification . . . plurality of data 
items ... identify a user 

10. Claim 6 additionally recites the limitation that; "A method according to claim 1, further 
comprising the step of: 

acquiring one or more data items in addition to said user identification information, said
step of performing authorization services uses said one or more data items to attempt to authorize 
access to said first resource in response to said request.". 

The teachings of Olden are directed towards such limitations (i.e., col. 7,lines 10-col. 8,line 5, 
whereas the actual authorization servicing functionality and subsequent resource access (i.e., 
retrieve a web document/file/page) per se, inherently require the setup of access requirements 
(i.e., one or more data items) in order to create the user/group/realm levels of access criteria as 
related to the associated resources in question (i.e., to protect or not, and at what level of secured 
protection), and further, such user level criteria such as "for example, user ID, first name, last
name ... as well as extendible attributes . . .", as broadly interpreted by the examiner correspond, 
to the applicant's ' . . . acquiring . . . data items in addition . . . identification information, . . . 
authorization services uses said one or more data ...'.).

Further, as per the claim 34 additionally recited limitation, this claim is the embodied
method software for the method claim 6 above, and is rejected for the same reasons provided for 
the claim 6 rejection. 

11. Claim 7 additionally recites the limitation that; "A method according to claim 1, wherein:
said authorization system is part of an access system that protects a plurality of resources, 
said plurality of resources includes said first resource, a second resource and a third 
resource; 

said first resource uses said first authentication system for authentication services; 

said second resource uses a second authentication system for authentication services, 
said second authentication system is separate from said access system; and

said third resource uses a third authentication system for authentication services,
said third authentication system is separate from said access system.".
The teachings of Olden are directed towards such limitations (i.e., col. 3,lines 24-col. 4,line 45,
col. 6,lines 36-62, col. 9,lines 63-col. 11,line 54, col. 19,lines 43-col. 20,line 57, whereas the ' . . .
plurality of authorization servers ... at least one authorization dispatcher . . . communicate with
the entitlements server component which clearly encompasses plural
authentication/authorization/access to resources aspects, as broadly interpreted by the examiner
would clearly encompass ' . . . authorization system is part . . . protects a plurality of resources, . . .
said first resource uses said first authentication system for authentication services; said second
resource . . . said third resource . . . authentication system ...'.).

12. Claim 8 additionally recites the limitation that; "A method according to claim 7, wherein:
said first authentication system is a default web server authentication system; 

said second authentication system is an authentication plug-in; and 
said third authentication system is a third party authentication system.". 
The teachings of Olden are directed towards such limitations (i.e., col. 3,lines 24-col. 4,line 45,
col. 6,lines 36-62, col. 9,lines 63-col. 11,line 54, col. 19,lines 43-col. 20,line 57, whereas the "...
plurality of authorization servers ... at least one authorization dispatcher . . . communicate with
the entitlements server component . . . Web server plug-ins are started. . . cookies . . . Web server 
plug-ins which clearly encompasses plural authentication/authorization/access to resources 
aspects, as broadly interpreted by the examiner would clearly encompass ' ... first authentication 
system ... default web server ... second authentication ... plug-in; and said third authentication 
. . . third party authentication system. ..'.). 

13. Claim 9 additionally recites the limitation that; "A method according to claim 1, wherein:
said authorization system is part of an access system that protects a plurality of resources, 
said access system provides for use of one or more internal authentication systems and 
said access system provides for reliance on one or more external authentication systems, 
said one or more external authentication systems include said first authentication
system.".

The teachings of Olden are directed towards such limitations (i.e., col. 3,lines 24-col. 4,line 45,
col. 6,lines 36-62, col. 9,lines 63-col. 11,line 54, col. 19,lines 43-col. 20,line 57, whereas the
plurality of authorization servers ... at least one authorization dispatcher . . . communicate with
the entitlements server component . . . ' which clearly encompasses plural
authentication/authorization/access to resources aspects, insofar as the inherent robust nature of 
the network architecture, inclusive of the intranet (i.e., internal server aspects) and Internet web 
(i.e., external server aspects) as broadly interpreted by the examiner would clearly encompass ' 
. . . authorization system . . . access system that protects a plurality of resources, . . . internal 
authentication systems . . . reliance . . . external authentication systems, . . . first authentication 
system ...'.). 

Further, as per the claim 35 additionally recited limitation, this claim is the embodied 
method software for the method claim 9 above, and is rejected for the same reasons provided for 
the claim 9 rejection. 

Further, as per the claim 39 additionally recited limitation, this claim is the 
apparatus/system for the method claim 9 above, and is rejected for the same reasons provided for 
the claim 9 rejection. 

14. Claim 11 additionally recites the limitation that; "A method according to claim 1, further
comprising the steps of:

using said user identification information to create information for a cookie; and
causing said cookie to be transmitted for storage on a client associated with said
request.".

The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line
57, whereas the ' . . . cookie is created for each user . . . ' which clearly is a cookie based on user
information/variables and the transfer thereof, as broadly interpreted by the examiner would
clearly encompass ' . . . using . . . information to create . . . cookie; . . . storage on a client . . . '.).

15. Claim 12 additionally recites the limitation that; "A method according to claim 11,
further comprising the step of: 

performing single sign-on services based on said cookie.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line 
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the 
need . . . submit . . . password again' which clearly is a cookie based on user 
information/variables and the transfer thereof, as broadly interpreted by the examiner would 
clearly encompass ' . . . single sign-on services based on said cookie ...'.). 

Further, as per the claim 36 additionally recited limitation, this claim is the embodied 
method software for the method claims 11,12 above, and is rejected for the same reasons
provided for the claims 11,12 rejection.

16. Claim 13 additionally recites the limitation that; "A method according to claim 11,
further comprising the steps of: 

receiving a request to access a second resource, 

said request to access said second resource includes contents of said cookie; and

using said cookie to authorize access to said second resource without authenticating.".
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the
need . . . submit . . . password again' which clearly is a cookie based on user
information/variables and the transfer thereof, as broadly interpreted by the examiner would
clearly encompass ' . . . using . . . information to create . . . cookie; . . . storage on a client . . . cookie
to authorize access ... without authenticating'.). 

Further, as per the claim 40 additionally recited limitation, this claim is the 
apparatus/system for the method claims 11,13 above, and is rejected for the same reasons 
provided for the claims 11,13 rejection. 

17. Claim 14 additionally recites the limitation that; "A method according to claim 11,
further comprising the steps of: 

receiving a request to access a second resource at a second server, 

said request to access said first resource was received at a first server but not at
said second server,

said first authentication system does include said first server and does not include
said second server,

said step of receiving said request to access said second resource includes
receiving contents of said cookie; and

using said cookie at said second server to authorize access to said second resource
without authenticating.".
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the
need . . . submit . . . password again' which clearly is a cookie based on user
information/variables and the transfer thereof and further, the inherent nature of cookie 
creation/transfer is such that the cookies have a basically one-to-one relationship between the 
server and client so associated. Still further, the IP routing nature of the Internet embodied (at the 
least) embodiment would route packets such that rejection of non-addressed packets would 
inherently occur, such that, as broadly interpreted by the examiner would clearly encompass ' . . . 
using . . . information to create . . . cookie; . . . storage on a client . . . cookie to authorize access . . . 
(multiple server resources) ... without authenticating'.). 

Further, as per the claim 37 additionally recited limitation, this claim is the embodied
method software for the method claims 11,14 above, and is rejected for the same reasons 
provided for the claims 11,14 rejection. 

18. As per claim 15; "A method for providing access to resources [Abstract, figures 1-33 and
accompanying descriptions], comprising the steps of:

acquiring a plurality of variables from a first authentication system, 

said step of acquiring is performed by an authorization system, 

said authorization system is separate from said first authentication system,

said variables are associated with a first request from a first user to access a first
resource [figures 1-5 and accompanying descriptions, whereas the authorization 
component, entitlement server component, administrative client/resource consumer (at 
the user, group, and realm level insofar as user identification information/ plurality of 
variables would be concerned), and enabled web server, as broadly interpreted by the 
examiner correspond respectively, to the applicant's authorization system, first 
authentication system, user identification information/ plurality of variables (source 
thereof), and accessible resources.]; 

relying on said first authentication system for authenticating said first user;
performing, at said authorization system, authorization services for said request to access 
said first resource based on said plurality of variables [figures 1-33, and accompanying 
descriptions, whereas the actual authorization servicing functionality per se, as broadly 
interpreted by the examiner correspond, to the applicant's ' . . . performing authorization
services ...'.]; 

wherein said authorization services comprise determining whether said first user is 
authorized to access said first resource [figures 1-33, and accompanying descriptions, whereas 
the actual authorization servicing functionality per se, as broadly interpreted by the examiner 
correspond, to the applicant's claim limitation.]; and

wherein authenticating said first user comprises verifying an identity of said first user 
[figures 1-5, and particularly figures 2,3, and accompanying descriptions, whereas the 
entitlement creation/assignment in the access rights, user/group/realm information (i.e., 
the database referencing aspects thereof) pertaining to user ID, name, address, password,
ACL analog, etc., aspects, as broadly interpreted by the examiner correspond, to the
applicant's claim limitation.]". 

Further, as per claim 42, this claim is the embodied method software for the method 
claim 15 above, and is rejected for the same reasons provided for the claim 15 rejection. 

Further, as per claim 46, this claim is the apparatus/system for the method claim 15 
above, and is rejected for the same reasons provided for the claim 15 rejection. 

19. Claim 16 additionally recites the limitation that; "A method according to claim 15,
wherein relying on said first authentication system comprises the steps of: 

receiving information from said first request; 

determining whether said first resource is protected; and 

determining that authentication for said first resource is to be performed by said first 
authentication system.". 

The teachings of Olden are directed towards such limitations (i.e., figures 1-33, and particularly 
figure 28, and accompanying descriptions, whereas the actual authorization servicing 
functionality and subsequent resource access (i.e., retrieve a web document/file/page) per se,
inherently require the setup of access requirements in order to create the user/group/realm levels 
of access criteria as related to the associated resources in question (i.e., to protect or not, and at 
what level of secured protection), as broadly interpreted by the examiner correspond, to the
applicant's ' . . . determining . . . resource is protected; . . . authentication . . . resource is to be
performed ...'.).

Further, as per the claim 43 additionally recited limitation, this claim is the embodied
method software for the method claim 16 above, and is rejected for the same reasons provided 
for the claim 16 rejection. 

Further, as per the claim 47 additionally recited limitation, this claim is the
apparatus/system for the method claim 16 above, and is rejected for the same reasons provided 
for the claim 16 rejection. 

20. Claim 17 additionally recites the limitation that; "A method according to claim 15,
wherein: 

said authorization system is part of an access system that protects a plurality of resources, 
said access system provides for use of one or more internal authentication systems and 
said access system provides for reliance on one or more external authentication systems, 
said one or more external authentication systems include said first authentication 
system.". 

The teachings of Olden are directed towards such limitations (i.e., col. 3,lines 24-col. 4,line 45,
col. 6,lines 36-62, col. 9,lines 63-col. 11, line 54, col. 19,lines 43-col. 20,line 57, whereas the 
plurality of authorization servers ... at least one authorization dispatcher ... communicate with 
the entitlements server component . . . ' which clearly encompasses plural
authentication/authorization/access to resources aspects, insofar as the inherent robust nature of
the network architecture, inclusive of the intranet (i.e., internal server aspects) and Internet web
(i.e., external server aspects) as broadly interpreted by the examiner would clearly encompass '
. . . authorization system . . . access system that protects a plurality of resources, . . . internal 
authentication systems ... reliance ... external authentication systems, ... first authentication 
system...'.). 

Further, as per the claim 44 additionally recited limitation, this claim is the embodied 
method software for the method claim 17 above, and is rejected for the same reasons provided 
for the claim 17 rejection. 

Further, as per the claim 48 additionally recited limitation, this claim is the 
apparatus/system for the method claim 17 above, and is rejected for the same reasons provided 
for the claim 17 rejection. 

21. Claim 18 additionally recites the limitation that; "A method according to claim 15,
further comprising the steps of:

using said plurality of variables to create information for a cookie; and
causing said cookie to be transmitted for storage on a client associated with said
request.".

The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line
57, whereas the ' . . . cookie is created for each user . . . ' which clearly is a cookie based on user
information/variables and the transfer thereof, as broadly interpreted by the examiner would
clearly encompass ' . . . using . . . plurality of variables to create . . . cookie; . . . storage on a client
...'.).



22. Claim 19 additionally recites the limitation that; "A method according to claim 18, 
further comprising the step of: 

performing single sign-on services based on said cookie.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line 
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . ' which clearly 
is a cookie based on user information/variables and the transfer thereof, as broadly interpreted by 
the examiner would clearly encompass ' ... single sign-on services based on said cookie ...'.). 

23. Claim 20 additionally recites the limitation that; "A method according to claim 18,
further comprising the steps of: 

receiving a request to access a second resource at a second server, 

said request to access said first resource was received at a first server but not at 
said second server, 

said first authentication system does include said first server and does not include 
said second server, 

said step of receiving said request to access said second resource includes 
receiving contents of said cookie; and

using said cookie at said second server to authorize access to said second resource
without authenticating.".
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the
need . . . submit . . . password again' which clearly is a cookie based on user
information/variables and the transfer thereof, and further, the inherent nature of cookie 
creation/transfer is such that the cookies have a basically one-to-one relationship between the 
server and client so associated. Still further, the IP routing nature of the Internet embodied (at the 
least) embodiment would route packets such that rejection of non-addressed packets would 
inherently occur, such that, as broadly interpreted by the examiner would clearly encompass ' . . .
using . . . information to create . . . cookie; . . . storage on a client . . . cookie to authorize access . . . 
(multiple server resources) ... without authenticating'.). 

Further, as per the claim 45 additionally recited limitation, this claim is the embodied 
method software for the method claims 18,20 above, and is rejected for the same reasons 
provided for the claims 18,20 rejection. 

Further, as per the claim 49 additionally recited limitation, this claim is the 
apparatus/system for the method claims 18,20 above, and is rejected for the same reasons 
provided for the claims 18,20 rejection.

24. As per claim 21; "A method for providing access to resources [Abstract, figures 1-33 and
accompanying descriptions], comprising the steps of: 

acquiring user identification information from an authentication system,

said user identification information is associated with a request from a first user to
access a first resource, 

said step of acquiring is performed by an authorization system, 

said authorization system is separate from said authentication system
[figures 1-5 and accompanying descriptions, whereas the authorization 
component, entitlement server component, administrative client/resource 
consumer (at the user, group, and realm level insofar as user identification 
information would be concerned), and enabled web server, as broadly interpreted 
by the examiner correspond respectively, to the applicant's authorization system, 
first authentication system, user identification information (source thereof), and 
accessible resources.]; 
relying on said authentication system for authenticating said first user;
using said user identification information to create information for a cookie;
causing said cookie to be transmitted for storage on a client associated with said request
to access said first resource [i.e., col. 23,lines 45-col. 24,line 57, whereas the ' . . . cookie is
created for each user . . . ' which clearly is a cookie based on user information/variables and the
transfer thereof, as broadly interpreted by the examiner would clearly encompass ' . . . using . . .
information to create . . . cookie; . . . storage on a client ...'.]; and

performing, at said authorization system, authorization services for said request to access
said first resource [figures 1-33, and accompanying descriptions, whereas the actual 
authorization servicing functionality per se, as broadly interpreted by the examiner correspond, 
to the applicant's ' ... performing authorization services ...'.]; 

wherein said authorization services comprise determining whether said first user is 
authorized to access said first resource [figures 1-33, and accompanying descriptions, whereas 
the actual authorization servicing functionality per se, as broadly interpreted by the examiner 
correspond, to the applicant's claim limitation.]; and

wherein authenticating said first user comprises verifying an identity of said first user 
[figures 1-5, and particularly figures 2,3, and accompanying descriptions, whereas the 
entitlement creation/assignment in the access rights, user/group/realm information (i.e., the 
database referencing aspects thereof) pertaining to user ID, name, address, password, ACL 
analog, etc., aspects, as broadly interpreted by the examiner correspond, to the applicant's claim
limitation.]". 

Further, as per claim 50, this claim is the embodied method software for the method 
claim 21 above, and is rejected for the same reasons provided for the claim 21 rejection. 

Further, as per claim 55, this claim is the apparatus/system for the method claim 21 
above, and is rejected for the same reasons provided for the claim 21 rejection. 

25. Claim 22 additionally recites the limitation that; "A method according to claim 21, 
wherein: 

said authorization system is part of an access system that protects a plurality of resources, 
said access system provides for use of one or more internal authentication systems 

and 

said access system provides for reliance on one or more external authentication 
systems, 

said one or more external authentication systems include said first 
authentication system.". 
The teachings of Olden are directed towards such limitations (i.e., col. 3,lines 24-col. 4,line 45, 
col. 6,lines 36-62, col. 9,lines 63-col. 11,line 54, col. 19,lines 43-col. 20,line 57, whereas the 
' . . . plurality of authorization servers ... at least one authorization dispatcher . . . communicate with 
the entitlements server component ... ' which clearly encompasses plural 
authentication/authorization/access to resources aspects, insofar as the inherent robust nature of 
the network architecture, inclusive of the intranet (i.e., internal server aspects) and Internet web 
(i.e., external server aspects) as broadly interpreted by the examiner would clearly encompass ' 
. . . authorization system . . . access system that protects a plurality of resources, . . . internal 
authentication systems . . . reliance . . . external authentication systems, . . . first authentication 
system ...'.). 

Further, as per the claim 51 additionally recited limitation, this claim is the embodied 
method software for the method claim 22 above, and is rejected for the same reasons provided 
for the claim 22 rejection. 

Further, as per the claim 56 additionally recited limitation, this claim is the 
apparatus/system for the method claim 22 above, and is rejected for the same reasons provided 
for the claim 22 rejection. 

26. Claim 23 additionally recites the limitation that; "A method according to claim 21, 
further comprising the step of: 

performing single sign-on services based on said cookie.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line 
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the 
need . . . submit . . . password again' which clearly is a cookie based on user 
information/variables and the transfer thereof, as broadly interpreted by the examiner would 
clearly encompass ' . . . single sign-on services based on said cookie ...'.). 

Further, as per the claim 52 additionally recited limitation, this claim is the embodied 
method software for the method claim 23 above, and is rejected for the same reasons provided 
for the claim 23 rejection. 

Further, as per the claim 57 additionally recited limitation, this claim is the 
apparatus/system for the method claim 23 above, and is rejected for the same reasons provided 
for the claim 23 rejection. 

27. Claim 24 additionally recites the limitation that; "A method according to claim 21, 
further comprising the steps of: 

receiving a request to access a second resource, 

said request to access said second resource includes contents of said cookie; and 

using said cookie to authorize access to said second resource without authenticating.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line 
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the 
need . . . submit . . . password again' which clearly is a cookie based on user 
information/variables and the transfer thereof, as broadly interpreted by the examiner would 
clearly encompass ' . . . using . . . information to create . . . cookie; ... storage on a client . . . cookie 
to authorize access . . . without authenticating'.). 

Further, as per the claim 53 additionally recited limitation, this claim is the embodied 
method software for the method claim 24 above, and is rejected for the same reasons provided 
for the claim 24 rejection. 

Further, as per the claim 58 additionally recited limitation, this claim is the 
apparatus/system for the method claim 24 above, and is rejected for the same reasons provided 
for the claim 24 rejection. 

28. Claim 25 additionally recites the limitation that; "A method according to claim 21, 
further comprising the steps of: 

receiving a request to access a second resource at a second server, 

said request to access said first resource was received at a first server but not at 
said second server, 

said first authentication system does include said first server and does not include 
said second server, 

said step of receiving said request to access said second resource includes 
receiving contents of said cookie; and 

using said cookie at said second server to authorize access to said second resource 
without authenticating.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line 
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the 
need . . . submit . . . password again' which clearly is a cookie based on user 
information/variables and the transfer thereof, and further, the inherent nature of cookie 
creation/transfer is such that the cookies have a basically one-to-one relationship between the 
server and client so associated. Still further, the IP routing nature of the Internet embodied (at the 
least) embodiment would route packets such that rejection of non-addressed packets would 
inherently occur, such that, as broadly interpreted by the examiner would clearly encompass ' . . . 
using . . . information to create . . . cookie; . . . storage on a client . . . cookie to authorize access . . . 
(multiple server resources) . . . without authenticating'.). 

Further, as per the claim 54 additionally recited limitation, this claim is the embodied 
method software for the method claim 25 above, and is rejected for the same reasons provided 
for the claim 25 rejection. 

Further, as per the claim 59 additionally recited limitation, this claim is the 
apparatus/system for the method claim 25 above, and is rejected for the same reasons provided 
for the claim 25 rejection. 

29. As per claim 26; "A method for providing access to resources [Abstract, figures 1-33 and 
accompanying descriptions], comprising the steps of: 

receiving, at an access system, configuration information for a first resource, 

said access system provides for using of one or more internal authentication 
systems and 

said access system provides for reliance on one or more external authentication 
systems, 

said configuration information provides an indication to said access system to rely 
on a first external authentication system for said first resource [i.e., col. 3,lines 24-col. 
4,line 45, col. 6,lines 36-62, col. 9,lines 63-col. 11,line 54, col. 19,lines 43-col. 20,line 
57, whereas the ' . . . plurality of authorization servers ... at least one authorization 
dispatcher . . . communicate with the entitlements server component . . . ' which clearly 
encompasses plural authentication/authorization/access to resources aspects, insofar as 
the inherent robust nature of the network architecture, inclusive of the intranet (i.e., 
internal server aspects) and Internet web (i.e., external server aspects) as broadly 
interpreted by the examiner would clearly encompass ' . . . authorization system . . . access 
system that protects a plurality of resources, . . . internal authentication systems . . . 
reliance ... external authentication systems, ... first authentication system ...'.]; 
receiving a first request from a first user for said first resource [i.e., col. 23,lines 45-col. 
24,line 57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . 
eliminating the need . . . submit . . . password again' which clearly is configuration 
information (i.e., cookie) based on user information/variables and the transfer thereof, as 
broadly interpreted by the examiner would clearly encompass ' . . . using . . . information 
to create ... configuration information'.]; 

relying on said first external authentication system for authenticating said first user, and 
performing, at said authorization system, authorization services for said first request 
[figures 1-33, and accompanying descriptions, whereas the actual authorization servicing 
functionality per se, as broadly interpreted by the examiner correspond, to the applicant's 
' ... performing authorization services ...'.]; 

wherein said authorization services comprise determining whether said first user is 
authorized to access said first resource [figures 1-33, and accompanying descriptions, whereas 
the actual authorization servicing functionality per se, as broadly interpreted by the examiner 
correspond, to the applicant's claim limitation.]; and 

wherein authenticating said first user comprises verifying an identity of said first user 
[figures 1-5, and particularly figures 2,3, and accompanying descriptions, whereas the 
entitlement creation/assignment in the access rights, user/group/realm information (i.e., 
the database referencing aspects thereof) pertaining to user ID, name, address, password, 
ACL analog, etc., aspects, as broadly interpreted by the examiner correspond, to the 
applicant's claim limitation.]". 

Further, as per claim 60, this claim is the embodied method software for the method 
claim 26 above, and is rejected for the same reasons provided for the claim 26 rejection. 

Further, as per claim 63, this claim is the apparatus/system for the method claim 26 
above, and is rejected for the same reasons provided for the claim 26 rejection. 

30. Claim 27 additionally recites the limitation that; "A method according to claim 26, 
wherein said one or more external authentication systems include: 

a default web server authentication system; 

an authentication plug-in; and 

a third party authentication system.". 
The teachings of Olden are directed towards such limitations (i.e., col. 3,lines 24-col. 4,line 45, 
col. 6,lines 36-62, col. 9,lines 63-col. 11,line 54, col. 19,lines 43-col. 20,line 57, whereas the ' . . . 
plurality of authorization servers ... at least one authorization dispatcher . . . communicate with 
the entitlements server component . . . Web server plug-ins are started. . . cookies . . . Web server 
plug-ins . . . ' which clearly encompasses plural authentication/authorization/access to resources 
aspects, as broadly interpreted by the examiner would clearly encompass ' . . . first authentication 
system ... default web server ... second authentication ... plug-in; and said third authentication 
. . . third party authentication system. ..'.). 



31. Claim 28 additionally recites the limitation that; "A method according to claim 26, 
wherein: 

said access system protects a plurality of resources, 

said plurality of resources includes said first resource, a second resource and a 
third resource; 

said first resource uses said first authentication system for authentication 
services; 

said second resource uses a second authentication system for 
authentication services, 

said second authentication system is separate from said access 
system; and 

said third resource uses a third authentication system for authentication 
services, 

said third authentication system is separate from said access 
system.". 

The teachings of Olden are directed towards such limitations (i.e., col. 3,lines 24-col. 4,line 45, 
col. 6,lines 36-62, col. 9,lines 63-col. 11,line 54, col. 19,lines 43-col. 20,line 57, whereas the ' . . . 
plurality of authorization servers ... at least one authorization dispatcher . . . communicate with 
the entitlements server component . . . ' which clearly encompasses plural 
authentication/authorization/access to resources aspects, as broadly interpreted by the examiner 
would clearly encompass ' . . . authorization system is part . . . protects a plurality of resources, . . . 
said first resource uses said first authentication system for authentication services; said second 
resource . . . said third resource . . . authentication system ...'.). 

32. Claim 29 additionally recites the limitation that; "A method according to claim 28, 
wherein: 

said first authentication system is a default web server authentication system; 
said second authentication system is a authentication plug-in; and 
said third authentication system is a third party authentication system.". 
The teachings of Olden are directed towards such limitations (i.e., col. 3,lines 24-col. 4,line 45, 
col. 6,lines 36-62, col. 9,lines 63-col. 11,line 54, col. 19,lines 43-col. 20,line 57, whereas the ' . . . 
plurality of authorization servers ... at least one authorization dispatcher ... communicate with 
the entitlements server component ... Web server plug-ins are started... cookies ... Web server 
plug-ins ...' which clearly encompasses plural authentication/authorization/access to resources 
aspects, as broadly interpreted by the examiner would clearly encompass ' . . . first authentication 
system . . . default web server . . . second authentication . . . plug-in; and said third authentication 
. . . third party authentication system. ..'.). 

Further, as per the claim 61 additionally recited limitation, this claim is the embodied 
method software for the method claims 28,29 above, and is rejected for the same reasons 
provided for the claims 28,29 rejection. 

Further, as per the claim 64 additionally recited limitation, this claim is the 
apparatus/system for the method claims 28,29 above, and is rejected for the same reasons 
provided for the claims 28,29 rejection. 

33. Claim 30 additionally recites the limitation that; "A method according to claim 26, 
wherein said step of relying includes: 

accessing a pre-designated variable having a value; and 
storing said value as an identification of an authenticated user.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line 
57, whereas the ' . . . cookie is created for each user . . . ' which clearly is a cookie based on user 
information/variables and the transfer thereof as broadly interpreted by the examiner would 
clearly encompass ' ... accessing a pre-designated variable ... storing ... identification of an 
authenticated user . . . '.). 

34. Claim 31 additionally recites the limitation that; "A method according to claim 30, 
wherein said step of performing authorization services includes the steps of 

accessing one or more authorization rules for said first resource; 
using said identification to access an identity profile [i.e., figures 1-5, and particularly 
figures 2,3, and accompanying descriptions, whereas the entitlement creation/assignment in the 
access rights, user/group/realm information (i.e., the database referencing aspects thereof) 
pertaining to user ID, name, address, password, ACL analog, etc., aspects, as broadly interpreted 
by the examiner correspond, to the applicant's ' . . . using said user . . . information to access . . . 
profile ...'.]; and 

evaluating one or more attributes from said identity profile against said one or more 
authorization rules for said first resource to determine whether to authorize access to said first 
resource.". 

The teachings of Olden are directed towards such limitations (i.e., col. 6,lines 36-col. 11,line 54, 
whereas the ' . . . at least one authorization dispatcher . . . communicate with the entitlements server 
component . . . ' which encompasses policy/rules/user information (and profile database) aspects, 
as broadly interpreted by the examiner, and would clearly encompass ' . . . authorization . . . 
includes . . . authorization rules . . . identity profile . . . evaluating one or more attributes . . . 
identity profile ... to determine . . . access to said first resource ...'.). 

Further, as per the claim 62 additionally recited limitation, this claim is the embodied 
method software for the method claims 30,31 above, and is rejected for the same reasons 
provided for the claims 30,31 rejection. 

Further, as per the claim 65 additionally recited limitation, this claim is the 
apparatus/system for the method claims 30,31 above, and is rejected for the same reasons 
provided for the claims 30,31 rejection. 

Response to Amendment 
52. As per applicant's argument concerning the lack of teaching by Olden of "separate" and 
"external" network system configuration aspects, the examiner has fully considered in this 
response to amendment; the arguments, and finds them not to be persuasive. The present claim 
language amendments do not sufficiently distinguish the claim language use of the phrase 
"separate" in the context of delineating the configuration of the servers involved (i.e., 
authentication, authorization, WEB services, etc., servers so as to distinguish multi-servers per 
platform from multi-platform/multi-services). Again, the examiner broadly interprets the 
applicant's use of the term "separate" as not necessarily physical separation, insofar as the term 
"separate" could, again in the broadest interpretation, encompass temporal separation (i.e., 
the methods are separated via a sequential execution), virtual separation (i.e., the method 
execution threads within a software embodiment order of execution), a software module 
separation, or a physical separation (i.e., node, physical module, processor or co-processor 
module, etc.,). Again, the Olden teaching of the various architectures in the architecture section 
(i.e., col. 23,lines 55-col. 24,line 57, col. 4,lines 55-64, col. 5,lines 10-21, col. 6,lines 36-62, et 
seq.) clearly encompasses the applicant's "separate" and "external" network system 
configuration claim elements, as this is in itself a major component of the ' 102 rejection 
argument put forth. Nowhere in the claim language does the recitation of a requirement for an 
explicit claiming of the differentiation aspect concerning the various types of "separate" appear; 
just the broad "separate" criteria per se. Therefore, the various Olden architectures in the 
architecture section (i.e., again, authentication, authorization, WEB services, etc., servers so as to 
distinguish multi-servers per platform from multi-platform/multi-services Olden architectures), 
as being broadly interpreted by the examiner, as per the claim language, would therefore be 
applicable in the rejection, such that the rejection support references collectively encompass the 
said claim limitations in their entirety. 

53. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Conclusion 

54. Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Ronald Baum, whose telephone number is (571) 272-3861, and whose 
unofficial Fax number is (571) 273-3861. The examiner can normally be reached Monday 
through Thursday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (571) 272-3795. The Fax number for the organization 
where this application is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for 
unpublished applications is available through Private PAIR only. For more information about the 
PAIR system, see http://pair-direct.uspto.gov . Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 